International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-1, March 2012
Cloud Computing: Different Approach & Security Challenge Maneesha Sharma, Himani Bansal, Amit Kumar Sharma
ABSTRACT— Cloud computing has generated a lot of interest and competition in the industry and it is recognize as one of the top 10 technologies of 2010[1]. It is an internet based service delivery model which provides internet based services, computing and storage for users in all market including financial, health care & government. In this paper we did systematic review on different types of clouds and the security challenges that should be solved. Cloud security is becoming a key differentiator and competitive edge between cloud providers. This paper discusses the security issues arising in different type of clouds.
The diagram below depicts the Cloud Computing stack – it shows three distinct categories within Cloud Computing:
Keywords— Cloud, Security, Security challenges, Cloud computing
I. II. III.
I. INTRODUCTION The term “cloud” was coined from the computer network diagrams which uses it to hide the complexity of infrastructure involved. cloud computing provides software, platform and infrastructure as a service. its main features include resource pooling, rapid elasticity, measured service, on-demand self service and broad network access. so, a cloud is a collection of hardware and software that runs in a data centre and enables the cloud computing model. A cloud reduces capital investment, hardware cost and software licence cost. cloud computing also raises severe challenges especially regarding the security level required for the secure use of services provided by it. There are no publically available standards specific to cloud computing security. so, in this paper, we propose the following standards for maintaining security in an unsafe cloud computing environment. Main characteristics include; On-demand self-service. The ability for an end user to sign up and receive • services without the long delays that have characterized traditional IT. Broad network access. Ability to access the service via standard platforms • (desktop, laptop, mobile etc).
Resource pooling. Resources are pooled across multiple customers. Rapid elasticity. Capability can scale to cope with demand peaks. Measured Service. Billing is metered and delivered as a utility service.
Software as a Service, Platform as a Service and Infrastructure as a Service.
Fig.1 SaaS applications are designed for end-users, delivered over the web. PaaS is the set of tools and services designed to make coding and deploying those applications quick and efficient. IaaS is the hardware and software that powers it all – servers, storage, networks, operating systems CHARACTERISTICS OF SAAS[2]:
Manuscript received Ms. Maneesha Sharma#**student, Amity School of Engineering and TechnologyAmity University, Noida, UP,
[email protected] Ms. Himani Bansal*#Assist Prof, Department of Information Technology Dronacharya College of Engineering, Gr. Noida,
[email protected] Mr. Amit Kumar Sharma**Assoc. Prof, Department of Information TechnologyDronacharya College of Engineering, Gr.Noida
[email protected]
421
Web access to commercial software. Software is managed from a central location. Software delivered in a “one to many” model. Users not required to handle software upgrades and patches. Application Programming Interfaces (APIs) allow for integration between different pieces of software.
Cloud Computing: Different Approach & Security Challenge CHARACTERISTICS OF PAAS[2]:
Services to develop, test, deploy, host and maintain applications in the same integrated development environment. All the varying services needed to fulfil the application development process Web based user interface creation tools help to create, modify, test and • deploy different UI scenarios Multi-tenant architecture where multiple concurrent users utilize the same • development application Built in scalability of deployed software including load balancing and • failover Integration with web services and databases via common standards• Support for development team collaboration – some PaaS solutions include • project planning and communication tools Tools to handle billing and subscription management
CHARACTERISTICS OF IAAS[2]:
Resources are distributed as a service. Allows for dynamic scaling. Has a variable cost, utility pricing model. Generally includes multiple users on a single piece of hardware. II. VARIOUS TYPES OF CLOUDS
Fig. 2 Personal clouds: are used to provide a broad range of office and enterprise computing services. It involves applications for online collaboration, email and calendaring such as ERP software. Conventional approaches to computing have constraint our ability to meet the needs. For example, in traditional computing servers are dedicated to specific applications. This results in poor utilization of server. So, personal clouds provide a new architecture for improving efficiency. It includes a hosting platform, interfacing unit and infrastructure services. By building a personal cloud, we can deliver the benefits of public cloud without incurring the risk for the data and application.
Clouds are broadly classified as:
PERSONAL CLOUDS: Such clouds organization.
are
especially
operated
by
single
GENERAL CLOUDS: These clouds are used for providing services to common people.
DOMAIN-SPECIFIC CLOUDS: These clouds are maintained for specific requirements by a group of organizations. Fig. 3 (Personal Cloud Security Issues) MIXED CLOUDS: These clouds are a mixture of above said three clouds which can share data to achieve fulfil a specific requirement.
General Cloud: A general cloud in which a service provider makes resources such as applications and storage is available to the general public over the internet. The main advantages of using general cloud services are:
422
Easy and inexpensive setup because hardware, application and bandwidth costs are covered by the provider.
International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-1, March 2012
Scalability to meet needs. Economic for general public.
There are shared infrastructures and services in general cloud which may give rise to new security issues. The following security challenges are yet to be solved where the attacker or hacker needs to be hurdled:
The actual physical machine where the virtual server is running.
Placing malicious code on the physical machine.
Attack on VM (Virtual Machine) from other VMs.
DoS Attacks
Fig.5 (Domain Specific Cloud Security Issues) Hybrid Clouds: A hybrid cloud is a combination of at least one private cloud and at least one general cloud. It is a cloud computing environment in which an organization provides and manages resources internally and externally. It allows a business to take advantage of the scalability and cost effectiveness.
Risk of multiple cloud tenants.
Ongoing compliance concerns
Access control and identity management.
Data slinging
Fig. 4 (General Cloud Security Issues)
Domain Specific clouds: In the past few years, security investment was largly driven by regulatory mandates. for example payment card industry, data security standards mandates regular vulnaribility scanning of IT assests, retail and financial services organization purchased scanning and log management tools. Mount Sinai Hospital in Torento is building a community cloud in conjuction with the Canadian govt. that will give 14 areas hospitals shared access to a fatal ultrasound application and data storage for patient information. Security Issues in Domain Specefic:
Fig. 6 (Hybrid Cloud Security Issues)
III CONCLUSIONS
Compliance and auditing Intrusion Detection (IDS) and Firewall features. Access control Anti Virus/Anti Malware protection.
In this paper much of the work has been focused on types of clouds and their security challenges and it describes the way of designing the solution for the security threats. It gives a comparison between different services providers on different cloud services SaaS, PaaS, IaaS. This review shows that there are several types of clouds and the related security challenges on each level.
423
Cloud Computing: Different Approach & Security Challenge REFERENCES 1.
2.
3.
Tripathi, A.; Mishra, A.; IT Div., Gorakhpur Centre, Gorakhpur, India “Cloud Computing Security Considerations”, Signal Processing, Communications and Computing (ICSPCC), 2011 IEEE International Conference. UNDERSTANDING The Cloud Computing Stack SaaS, Paas, IaaS, © Diversity Limited, 2011 Non-commercial reuse with attribution permitted. Laura Smith on “ A health care community cloud takes shape” http://searchcio.techtarget.com/news/2240026119/a-health-carecommunity-cloud-takes-shape
424
